Professional Documents
Culture Documents
11.3.5 Lab - Document Enteripse Cybersecurity Issues
11.3.5 Lab - Document Enteripse Cybersecurity Issues
11.3.5 Lab - Document Enteripse Cybersecurity Issues
Version)
Instructor Note: Red font color or gray highlights indicate text that
appears in the instructor copy only.
Objectives
Part 1: Record your assessment of Athena's cybersecurity issues.
Part 2: Record the different types of assets owned by Athena.
Part 3: List the threats for each asset type.
Part 4: Recommend mitigation techniques to address each threat.
Note: This lab assumes you have basic knowledge of vulnerabilities, threats, and mitigation techniques.
Scenario
Athena Learning Incorporated is an educational service provider. Athena has two major lines of business:
course content creation and online learning services. Athena creates learning content and hosts learning
content. Athena also provides internet sales services that enable its partners to charge their students to
attend their courses.
Athena employs about 100 people in its headquarters office, and about 5 people each in its London and
Singapore offices. Because it provides content and delivery services globally, Athena must comply with
diverse privacy and security standards.
Athena serves as custodian for its own content and content that belongs to its partners. That content includes
text, graphic, video, and interactive assets. This content is the essential intellectual property of the company.
It also manages student account information including student registration, authentication, records, and
payment information. Athena manages its own SQL databases, some of which are connected to web portals.
The Athena network consists of mostly MS Windows and Apple IOS clients with a mix of Microsoft and Linux
servers to store business and employee records, learning content assets, and financial information, including
customer data. The hosts include various PC brands and models of varying age. Different versions of
operating systems are in use. Athena uses cloud services to deliver courses to the public, but must house
assembled courses on the internal network for creation and editing. When the courses become available, they
are mirrored to the cloud. Employees are permitted to use their personal phones and tablets for work. In
addition, some employees work from home, but require full network access to do so. Athena also hosts its
own DNS, email, and intranet services.
Athena employees use common office application software, custom applications, and tools that have been
created internally.
Athena provides access to parts of its internal network to its partners through a secure web portal. Clients are
able to preview their course content and deliver course assets to Athena for assembly in the Athena learning
management system. Students interact with the cloud-managed learning platform through their web account
logins.
In this lab, you will apply your knowledge of cybersecurity threats and mitigation techniques to a corporate
setting. You will read about a business, classify its assets, and then list the potential vulnerabilities and
threats that the business faces. Finally, you will recommend threat mitigation measures for the threats that
you identify.
2021 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 5 www.netacad.com
Lab - Document Enterprise Cybersecurity Issues
Required Resources
Devices with internet access
Instructions
antivirus software
malware block access to known
phishing malicious sites
host operating malicious websites user security training
systems security vulnerabilities patching
exploits of unpatched patching
vulnerabilities security policies regarding use
office applications various application attacks of unauthorized software
data entry errors
SQL databases XML or SQL injection data input validation
vulnerable server software
web server software cross-site scripting patching
secure software development
in-house applications various application exploits strong input validation
2021 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 5 www.netacad.com
Lab - Document Enterprise Cybersecurity Issues
data backups
power protection
power interruption power protection
hard drive failure badge-based or biometric access
other physical damage control
desktop PCs control access to facilities user security training
antivirus
host-based firewall
loss, theft, or damage regular data backups
hard drive failure drive encryption
laptop PCs other physical damage physical access control
power protection
power interruption automated backups
hard drive failure physically secure server room
File servers physical damage redundant servers
power interruption power protection
Networking physical damage physically secure wiring closets
equipment unauthorized administrative access and equipment locations
Blank Line, No additional information
2021 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 5 www.netacad.com
Lab - Document Enterprise Cybersecurity Issues
Reflection
1. Why is it useful to categorize assets when identifying threats and mitigation techniques?
2021 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 5 www.netacad.com
Lab - Document Enterprise Cybersecurity Issues
2021 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 5 www.netacad.com